Set correct override permissions for non-root usage in Docker

Author: pimterry

pack.ts

@@ -36,6 +36,7 @@ const packageApp = async () => {
     await Promise.all([
         // Include the packaging & build scripts:
         'build-release.sh',
+        'prepare.ts',
         // Include package-lock.json, to keep dependencies locked:
         'package-lock.json',
         // Add the fully bundled source (not normally packaged by npm):

package-lock.json

@@ -17,7 +17,7 @@
     "start": "node-dev ./bin/run start",
     "build:src": "rm -rf lib && tsc -b --force",
     "build:release": "oclif-dev manifest && webpack && ts-node ./pack.ts",
-    "prepare": "cd ./overrides/js && npm install",
+    "prepare": "ts-node ./prepare.ts",
     "prepack": "npm run build:src && oclif-dev manifest",
     "test": "cross-env TS_NODE_FILES=true mocha --exit -r ts-node/register 'test/**/*.spec.ts'",
     "test:release": "cross-env TEST_BUILT_TARBALL=1 npm run test"
@@ -87,6 +87,7 @@
     "@types/env-paths": "^1.0.2",
     "@types/express": "^4.16.1",
     "@types/fs-extra": "^8.0.0",
+    "@types/klaw": "^3.0.2",
     "@types/lodash": "^4.14.117",
     "@types/mocha": "^5.2.5",
     "@types/node": "^16.3.2",
@@ -102,6 +103,7 @@
     "fs-extra": "^8.1.0",
     "got": "^9.6.0",
     "graphql.js": "^0.6.1",
+    "klaw": "^4.0.1",
     "mocha": "^8.2.1",
     "needle": "^2.4.0",
     "node-dev": "^6.4.0",

package.json

@@ -0,0 +1,50 @@
+import * as path from 'path';
+import type { Stats } from 'fs';
+import * as fs from 'fs/promises';
+import * as klaw from 'klaw';
+import { spawn as spawnAsync, SpawnOptions } from 'child_process';
+
+const spawn = (command: string, args: string[] = [], options: SpawnOptions = {}) => {
+    return new Promise<void>((resolve, reject) => {
+        const proc = spawnAsync(command, args, options);
+        proc.on('exit', (code) => {
+            if (code === 0) resolve();
+            else reject(new Error(
+                `Spawn ${command} ${args.join(' ')} exited with ${code}`
+            ));
+        });
+    });
+}
+
+const collectAsyncIterator = async (asyncIterator: any) => {
+    const result = [];
+    for await (const value of asyncIterator) result.push(value);
+    return result;
+}
+
+
+const OVERRIDES_DIR = path.join(__dirname, 'overrides');
+
+(async () => {
+    console.log('Installing override npm dependencies...');
+
+    await spawn('npm', ['install', '--production'], {
+        cwd: path.join(OVERRIDES_DIR, 'js'),
+        stdio: 'inherit'
+    });
+
+    const files: Array<{
+        path: string,
+        stats: Stats
+    }> = await collectAsyncIterator(klaw(OVERRIDES_DIR));
+
+    // For Docker we don't know the user in the container, so all override files must
+    // be globally readable (and directories globally executable)
+    await files.map(({ path, stats }) =>
+        stats.isDirectory()
+            ? fs.chmod(path, stats.mode | 0o5) // Set o+rx
+            : fs.chmod(path, stats.mode | 0o4) // Set o+r
+    );
+
+    console.log('Override dependencies installed');
+})();